Kevin Minder created KNOX-49:
--------------------------------
Summary: Prevent Shiro rememberMe cookie from being returned
Key: KNOX-49
URL: https://issues.apache.org/jira/browse/KNOX-49
Project: Apache Knox
Issue Type: Improvement
Components: Server
Reporter: Kevin Minder
>From BUG-4327
We are using Apache Shiro (http://shiro.apache.org/) as our authentication plug
point. The integration is in the gateway-provider-security-shiro module. This
is working well for our LDAP authentication. However there is a built in
feature of Shiro called 'Remember Me' that is causing an extra cookie (TODO) to
be sent back to the clients. We are also returning a Hadoop specific cookie. We
would like to ensure that only the Hadoop specific cookie is returned to the
client and not the Shiro RememberMe cookie. I also noticed that we are
returning a JSESSIONID cookie that we probably don't want either.
Below is debug output from the test
gateway-server/src/test/java/org/apache/hadoop/gateway/GatewayBasicFuncTest.testBasicHdfsUseCase
DEBUG org.apache.http.wire << "Set-Cookie:
JSESSIONID=ys17oigu62yv1s6uj34djxrp5;Path=/gateway/cluster\r\n"
DEBUG org.apache.http.wire << "Set-Cookie: rememberMe=deleteMe;
Path=/gateway/cluster; Max-Age=0; Expires=Tue, 05-Mar-2013 20:12:23 GMT\r\n"
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
